Lawmakers Chide Colonial Pipeline for Weak Cybersecurity
[Stay on top of transportation news: Get TTNews in your inbox.]
U.S. lawmakers criticized Colonial Pipeline Co.’s cybersecurity practices as the company’s CEO faced his second day of questioning on Capitol Hill.
“If your pipeline provides fuel to 45% of the East Coast, why are you only hardening systems after an attack? Why wasn’t it done beforehand?” said Rep. John Katko (R-N.Y.), ranking member of the House Homeland Security Committee, which held a hearing June 9 on lessons learned from the attack.
The committee hearing with Joseph Blount Jr. came after a ransomware attack May 7 forced Colonial to shut down. The attack raised gas prices and caused fuel shortages across the East Coast. Blount paid a 75-bitcoin ransom to the attackers to restart operations, and on June 7, FBI announced that it had recouped 63.7 bitcoin of this payment. Because of the declining value of bitcoin since the ransom was paid, the U.S. seizure in late May amounted to $2.3 million, just more than half the $4.4 million paid weeks earlier after the ransom was demanded.
“I hope Colonial will use the recouped money to make necessary improvements to its cybersecurity,” said Rep. Bennie Thompson (D-Miss.), who chairs the committee.
Blount largely restated his comments from the day before, when he appeared before a Senate committee, apologizing for the disruption but defending his company’s response. Under questioning, he said he didn’t discuss paying a ransom with FBI or other U.S. agencies before making the payment.
Blount told lawmakers that he expected that his company’s cyberinsurance would cover the cost of the ransom.
“We will be doing a lot of things differently,” he said. “We’re headed toward a lot more hardening and a lot of different architecture than we had before, mainly because we’ve been compromised and we need to change.”
Want more news? Listen to today's daily briefing below or go here for more info: